using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace SmartLink.DTOS
{
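    /// <summary>
    /// DataAnnotations validation attribute that rejects a value whose text contains a whole-word
    /// SQL keyword from a fixed blacklist (<c>select</c>, <c>insert</c>, <c>delete</c>, …).
    /// </summary>
    /// <remarks>
    /// This is a coarse, defence-in-depth input filter and NOT a SQL-injection control. Tokens are
    /// only split on space, comma and semicolon, so inputs such as <c>select*from</c>,
    /// <c>sel/**/ect</c> or <c>' OR '1'='1</c> pass untouched, while legitimate words that happen
    /// to equal a keyword (e.g. "master", "cast") are rejected. The real protection must be
    /// parameterized queries / an ORM at the data-access layer.
    /// </remarks>
    public class SQLInjectionCheckAttribute : ValidationAttribute
    {
        // Blacklisted keywords, kept exactly as in the original list but trimmed of the
        // padding spaces. Matched as whole tokens with an ordinal, case-insensitive comparer;
        // ToLower() is culture-sensitive (e.g. Turkish dotless 'i') and must not be used here.
        private static readonly HashSet<string> BlacklistedKeywords = new HashSet<string>(
            " select | insert | delete | update | declare | sysobjects | syscolumns | cast | truncate | master | mid | exec "
                .Split('|')
                .Select(keyword => keyword.Trim()),
            StringComparer.OrdinalIgnoreCase);

        // Token separators. Other SQL separators (parentheses, quotes, comment markers, tabs,
        // newlines) are deliberately not added: widening the split only hides the fact that
        // a keyword blacklist cannot be made complete.
        private static readonly char[] TokenSeparators = { ' ', ',', ';' };

        /// <summary>
        /// Initializes the attribute with a descriptive default error message
        /// (the base default would be "The field {0} is invalid.").
        /// </summary>
        public SQLInjectionCheckAttribute()
            : base("The field {0} contains a disallowed SQL keyword.")
        {
        }

        /// <summary>
        /// Hooks <see cref="CheckInputSQL"/> into model validation so that applying
        /// <c>[SQLInjectionCheck]</c> to a DTO member actually runs the check. Without this
        /// override the base <see cref="ValidationAttribute.IsValid(object)"/> throws
        /// <see cref="NotImplementedException"/> at validation time, so the attribute was never
        /// a working validator.
        /// </summary>
        /// <param name="value">The member value being validated; <c>null</c> is accepted.</param>
        /// <returns><c>true</c> if the value contains no blacklisted keyword token.</returns>
        public override bool IsValid(object value)
        {
            return CheckInputSQL(value);
        }

        /// <summary>
        /// General keyword check: splits the value's text on space, comma and semicolon and
        /// rejects it if any token is exactly one of the blacklisted SQL keywords
        /// (case-insensitive, ordinal).
        /// </summary>
        /// <param name="obj">
        /// Value to inspect. <c>null</c>, empty and whitespace-only values are accepted;
        /// non-string values are inspected via their <c>ToString()</c> text.
        /// </param>
        /// <returns><c>true</c> if no token equals a blacklisted keyword; <c>false</c> otherwise.</returns>
        public bool CheckInputSQL(object obj)
        {
            if (obj == null)
            {
                return true;
            }

            var text = obj.ToString();
            if (string.IsNullOrWhiteSpace(text))
            {
                return true;
            }

            // The original compared keyword.IndexOf(token) — i.e. "is the input a substring of
            // the keyword" — which rejected harmless fragments such as "e", "as" or "ex" while
            // accepting "select*from". A token is now rejected only when it equals a keyword.
            var tokens = text.Split(TokenSeparators, StringSplitOptions.RemoveEmptyEntries);
            return !tokens.Any(token => BlacklistedKeywords.Contains(token.Trim()));
        }
    }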
}
